vendor c/common@0ededd18a1

Update the login tests to reflect the latest changes to allow http{s}
prefixes (again) to address bugzilla.redhat.com/show_bug.cgi?id=2062072.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>

go.mod

@@ -12,7 +12,7 @@ require (
 	github.com/containernetworking/cni v1.0.1
 	github.com/containernetworking/plugins v1.1.1
 	github.com/containers/buildah v1.24.3-0.20220310160415-5ec70bf01ea5
-	github.com/containers/common v0.47.5-0.20220228211119-9880eb424fde
+	github.com/containers/common v0.47.5-0.20220318125043-0ededd18a1f9
 	github.com/containers/conmon v2.0.20+incompatible
 	github.com/containers/image/v5 v5.20.1-0.20220310094651-0d8056ee346f
 	github.com/containers/ocicrypt v1.1.2

go.sum

@@ -285,7 +285,6 @@ github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTV
 github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c=
 github.com/containerd/containerd v1.5.8/go.mod h1:YdFSv5bTFLpG2HIYmfqDpSYYTDX+mc5qtSuYx1YUb/s=
 github.com/containerd/containerd v1.5.9/go.mod h1:fvQqCfadDGga5HZyn3j4+dx56qj2I9YwBrlSdalvJYQ=
-github.com/containerd/containerd v1.6.0/go.mod h1:1nJz5xCZPusx6jJU8Frfct988y0NpumIq9ODB0kLtoE=
 github.com/containerd/containerd v1.6.1 h1:oa2uY0/0G+JX4X7hpGCYvkp9FjUancz56kSNnb1sG3o=
 github.com/containerd/containerd v1.6.1/go.mod h1:1nJz5xCZPusx6jJU8Frfct988y0NpumIq9ODB0kLtoE=
 github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
@@ -350,14 +349,13 @@ github.com/containernetworking/cni v1.0.1/go.mod h1:AKuhXbN5EzmD4yTNtfSsX3tPcmtr
 github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM=
 github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8=
 github.com/containernetworking/plugins v1.0.1/go.mod h1:QHCfGpaTwYTbbH+nZXKVTxNBDZcxSOplJT5ico8/FLE=
-github.com/containernetworking/plugins v1.1.0/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19sZPp3ry5uHSkI4LPxV8=
 github.com/containernetworking/plugins v1.1.1 h1:+AGfFigZ5TiQH00vhR8qPeSatj53eNGz0C1d3wVYlHE=
 github.com/containernetworking/plugins v1.1.1/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19sZPp3ry5uHSkI4LPxV8=
 github.com/containers/buildah v1.24.3-0.20220310160415-5ec70bf01ea5 h1:RMJG1wCPQqZX7o9xGzpmR0U7NppgquSQunTi8qmP9Do=
 github.com/containers/buildah v1.24.3-0.20220310160415-5ec70bf01ea5/go.mod h1:C5+kt1nmYVf1N+/pk4WepycLD+m4lEIRgJQ0eXqhADo=
 github.com/containers/common v0.47.4/go.mod h1:HgX0mFXyB0Tbe2REEIp9x9CxET6iSzmHfwR6S/t2LZc=
-github.com/containers/common v0.47.5-0.20220228211119-9880eb424fde h1:zLBqM8I+wiIgzmQhJ+n2zrB+cpxdGmzA/HkCxJbmGok=
+github.com/containers/common v0.47.5-0.20220318125043-0ededd18a1f9 h1:+uNhZTl7nBm4GLCKb4Np8BDhw2uMmC8+D/KuH8nIjGA=
-github.com/containers/common v0.47.5-0.20220228211119-9880eb424fde/go.mod h1:pksCYxGMnUwntsUMdsq/eClGsASoDsdDOZz+YxDxAJY=
+github.com/containers/common v0.47.5-0.20220318125043-0ededd18a1f9/go.mod h1:j1nTHtSRoBgVqAoV6X13EGIrTU5jP1GYyEsE4N9DXng=
 github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
 github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
 github.com/containers/image/v5 v5.19.1/go.mod h1:ewoo3u+TpJvGmsz64XgzbyTHwHtM94q7mgK/pX+v2SE=

test/e2e/login_logout_test.go

@@ -417,12 +417,12 @@ var _ = Describe("Podman login and logout", func() {
 		Expect(authInfo).NotTo(HaveKey(testRepos[1]))
 	})
 
-	It("podman login with repository invalid arguments", func() {
+	It("podman login with http{s} prefix", func() {
 		authFile := filepath.Join(podmanTest.TempDir, "auth.json")
 
 		for _, invalidArg := range []string{
 			"https://" + server + "/podmantest",
-			server + "/podmantest/image:latest",
+			"http://" + server + "/podmantest/image:latest",
 		} {
 			session := podmanTest.Podman([]string{
 				"login",
@@ -432,7 +432,7 @@ var _ = Describe("Podman login and logout", func() {
 				invalidArg,
 			})
 			session.WaitWithDefaultTimeout()
-			Expect(session).Should(ExitWithError())
+			Expect(session).To(Exit(0))
 		}
 	})
 

vendor/github.com/containers/common/libimage/runtime.go

@@ -592,6 +592,8 @@ type RemoveImagesOptions struct {
 	// containers using a specific image.  By default, all containers in
 	// the local containers storage will be removed (if Force is set).
 	RemoveContainerFunc RemoveContainerFunc
+	// Ignore if a specified image does not exist and do not throw an error.
+	Ignore bool
 	// IsExternalContainerFunc allows for checking whether the specified
 	// container is an external one (when containers=external filter is
 	// used).  The definition of an external container can be set by
@@ -677,6 +679,9 @@ func (r *Runtime) RemoveImages(ctx context.Context, names []string, options *Rem
 		for _, name := range names {
 			img, resolvedName, err := r.LookupImage(name, lookupOptions)
 			if err != nil {
+				if options.Ignore && errors.Is(err, storage.ErrImageUnknown) {
+					continue
+				}
 				appendError(err)
 				continue
 			}

vendor/github.com/containers/common/libnetwork/cni/cni_conversion.go

@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package cni
@@ -128,15 +129,21 @@ func findPluginByName(plugins []*libcni.NetworkConfig, name string) bool {
 // It returns an array of subnets and an extra bool if dhcp is configured.
 func convertIPAMConfToNetwork(network *types.Network, ipam *ipamConfig, confPath string) error {
 	if ipam.PluginType == types.DHCPIPAMDriver {
-		network.IPAMOptions["driver"] = types.DHCPIPAMDriver
+		network.IPAMOptions[types.Driver] = types.DHCPIPAMDriver
 		return nil
 	}
 
 	if ipam.PluginType != types.HostLocalIPAMDriver {
-		return errors.Errorf("unsupported ipam plugin %s in %s", ipam.PluginType, confPath)
+		// This is not an error. While we only support certain ipam drivers, we
+		// cannot make it fail for unsupported ones. CNI is still able to use them,
+		// just our translation logic cannot convert this into a Network.
+		// For the same reason this is not warning, it would just be annoying for
+		// everyone using a unknown ipam driver.
+		logrus.Infof("unsupported ipam plugin %q in %s", ipam.PluginType, confPath)
+		return nil
 	}
 
-	network.IPAMOptions["driver"] = types.HostLocalIPAMDriver
+	network.IPAMOptions[types.Driver] = types.HostLocalIPAMDriver
 	for _, r := range ipam.Ranges {
 		for _, ipam := range r {
 			s := types.Subnet{}

vendor/github.com/containers/common/libnetwork/cni/cni_exec.go

@@ -16,6 +16,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+//go:build linux
 // +build linux
 
 package cni

vendor/github.com/containers/common/libnetwork/cni/cni_types.go

@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package cni

vendor/github.com/containers/common/libnetwork/cni/config.go

@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package cni
@@ -197,12 +198,12 @@ func createIPMACVLAN(network *types.Network) error {
 		}
 	}
 	if len(network.Subnets) == 0 {
-		network.IPAMOptions["driver"] = types.DHCPIPAMDriver
+		network.IPAMOptions[types.Driver] = types.DHCPIPAMDriver
 		if network.Internal {
 			return errors.New("internal is not supported with macvlan and dhcp ipam driver")
 		}
 	} else {
-		network.IPAMOptions["driver"] = types.HostLocalIPAMDriver
+		network.IPAMOptions[types.Driver] = types.HostLocalIPAMDriver
 	}
 	return nil
 }

vendor/github.com/containers/common/libnetwork/cni/network.go

@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package cni

vendor/github.com/containers/common/libnetwork/cni/run.go

@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package cni

vendor/github.com/containers/common/libnetwork/internal/util/bridge.go

@@ -27,7 +27,7 @@ func CreateBridge(n NetUtil, network *types.Network, usedNetworks []*net.IPNet,
 		}
 	}
 
-	if network.IPAMOptions["driver"] != types.DHCPIPAMDriver {
+	if network.IPAMOptions[types.Driver] != types.DHCPIPAMDriver {
 		if len(network.Subnets) == 0 {
 			freeSubnet, err := GetFreeIPv4NetworkSubnet(usedNetworks, subnetPools)
 			if err != nil {
@@ -63,7 +63,7 @@ func CreateBridge(n NetUtil, network *types.Network, usedNetworks []*net.IPNet,
 				network.Subnets = append(network.Subnets, *freeSubnet)
 			}
 		}
-		network.IPAMOptions["driver"] = types.HostLocalIPAMDriver
+		network.IPAMOptions[types.Driver] = types.HostLocalIPAMDriver
 	}
 	return nil
 }

vendor/github.com/containers/common/libnetwork/internal/util/validate.go

@@ -109,7 +109,7 @@ func validatePerNetworkOpts(network *types.Network, netOpts *types.PerNetworkOpt
 	if netOpts.InterfaceName == "" {
 		return errors.Errorf("interface name on network %s is empty", network.Name)
 	}
-	if network.IPAMOptions["driver"] == types.HostLocalIPAMDriver {
+	if network.IPAMOptions[types.Driver] == types.HostLocalIPAMDriver {
 	outer:
 		for _, ip := range netOpts.StaticIPs {
 			for _, s := range network.Subnets {

vendor/github.com/containers/common/libnetwork/netavark/config.go

@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package netavark
@@ -130,6 +131,7 @@ func (n *netavarkNetwork) networkCreate(newNetwork *types.Network, defaultNet bo
 		if err != nil {
 			return nil, err
 		}
+		defer f.Close()
 		enc := json.NewEncoder(f)
 		enc.SetIndent("", "     ")
 		err = enc.Encode(newNetwork)
@@ -154,7 +156,7 @@ func createMacvlan(network *types.Network) error {
 	if len(network.Subnets) == 0 {
 		return errors.Errorf("macvlan driver needs at least one subnet specified, DHCP is not supported with netavark")
 	}
-	network.IPAMOptions["driver"] = types.HostLocalIPAMDriver
+	network.IPAMOptions[types.Driver] = types.HostLocalIPAMDriver
 
 	// validate the given options, we do not need them but just check to make sure they are valid
 	for key, value := range network.Options {

vendor/github.com/containers/common/libnetwork/netavark/const.go

@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package netavark

vendor/github.com/containers/common/libnetwork/netavark/exec.go

@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package netavark

vendor/github.com/containers/common/libnetwork/netavark/ipam.go

@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package netavark
@@ -361,7 +362,7 @@ func (n *netavarkNetwork) deallocIPs(opts *types.NetworkOptions) error {
 // it checks the ipam driver and if subnets are set
 func requiresIPAMAlloc(network *types.Network) bool {
 	// only do host allocation when driver is set to HostLocalIPAMDriver or unset
-	switch network.IPAMOptions["driver"] {
+	switch network.IPAMOptions[types.Driver] {
 	case "", types.HostLocalIPAMDriver:
 	default:
 		return false

vendor/github.com/containers/common/libnetwork/netavark/network.go

@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package netavark

vendor/github.com/containers/common/libnetwork/netavark/run.go

@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package netavark
@@ -44,6 +45,16 @@ func (n *netavarkNetwork) Setup(namespacePath string, options types.SetupOptions
 		return nil, errors.Wrap(err, "failed to convert net opts")
 	}
 
+	// Warn users if one or more networks have dns enabled
+	// but aardvark-dns binary is not configured
+	for _, network := range netavarkOpts.Networks {
+		if network != nil && network.DNSEnabled && n.aardvarkBinary == "" {
+			// this is not a fatal error we can still use container without dns
+			logrus.Warnf("aardvark-dns binary not found, container dns will not be enabled")
+			break
+		}
+	}
+
 	// trace output to get the json
 	if logrus.IsLevelEnabled(logrus.TraceLevel) {
 		b, err := json.Marshal(&netavarkOpts)

vendor/github.com/containers/common/libnetwork/network/interface.go

@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package network
@@ -61,11 +62,7 @@ func NetworkBackend(store storage.Store, conf *config.Config, syslog bool) (type
 			return "", nil, err
 		}
 
-		aardvarkBin, err := conf.FindHelperBinary(aardvarkBinary, false)
+		aardvarkBin, _ := conf.FindHelperBinary(aardvarkBinary, false)
-		if err != nil {
-			// this is not a fatal error we can still use netavark without dns
-			logrus.Warnf("%s binary not found, container dns will not be enabled", aardvarkBin)
-		}
 
 		confDir := conf.Network.NetworkConfigDir
 		if confDir == "" {

vendor/github.com/containers/common/libnetwork/types/const.go

@@ -11,6 +11,7 @@ const (
 	IPVLANNetworkDriver = "ipvlan"
 
 	// IPAM drivers
+	Driver = "driver"
 	// HostLocalIPAMDriver store the ip
 	HostLocalIPAMDriver = "host-local"
 	// DHCPIPAMDriver get subnet and ip from dhcp server

vendor/github.com/containers/common/libnetwork/util/filters.go

@@ -29,7 +29,7 @@ func createFilterFuncs(key string, filterValues []string) (types.FilterFunc, err
 			return util.StringMatchRegexSlice(net.Name, filterValues)
 		}, nil
 
-	case "driver":
+	case types.Driver:
 		// matches network driver
 		return func(net types.Network) bool {
 			return util.StringInSlice(net.Driver, filterValues)

vendor/github.com/containers/common/pkg/apparmor/apparmor_linux.go

@@ -1,3 +1,4 @@
+//go:build linux && apparmor
 // +build linux,apparmor
 
 package apparmor

vendor/github.com/containers/common/pkg/apparmor/apparmor_linux_template.go

@@ -1,3 +1,4 @@
+//go:build linux && apparmor
 // +build linux,apparmor
 
 package apparmor

vendor/github.com/containers/common/pkg/apparmor/apparmor_unsupported.go

@@ -1,3 +1,4 @@
+//go:build !linux || !apparmor
 // +build !linux !apparmor
 
 package apparmor

vendor/github.com/containers/common/pkg/auth/auth.go

@@ -4,6 +4,7 @@ import (
 	"bufio"
 	"context"
 	"fmt"
+	"net/url"
 	"os"
 	"path/filepath"
 	"strings"
@@ -165,20 +166,21 @@ func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginO
 // parseCredentialsKey turns the provided argument into a valid credential key
 // and computes the registry part.
 func parseCredentialsKey(arg string, acceptRepositories bool) (key, registry string, err error) {
+	// URL arguments are replaced with their host[:port] parts.
+	key, err = replaceURLByHostPort(arg)
+	if err != nil {
+		return "", "", err
+	}
+
+	split := strings.Split(key, "/")
+	registry = split[0]
+
 	if !acceptRepositories {
-		registry = getRegistryName(arg)
+		return registry, registry, nil
-		key = registry
-		return key, registry, nil
 	}
 
-	key = trimScheme(arg)
+	// Return early if the key isn't namespaced or uses an http{s} prefix.
-	if key != arg {
-		return "", "", errors.New("credentials key has https[s]:// prefix")
-	}
-
-	registry = getRegistryName(key)
 	if registry == key {
-		// The key is not namespaced
 		return key, registry, nil
 	}
 
@@ -202,24 +204,18 @@ func parseCredentialsKey(arg string, acceptRepositories bool) (key, registry str
 	return key, registry, nil
 }
 
-// getRegistryName scrubs and parses the input to get the server name
+// If the specified string starts with http{s} it is replaced with it's
-func getRegistryName(server string) string {
+// host[:port] parts; everything else is stripped. Otherwise, the string is
-	// removes 'http://' or 'https://' from the front of the
+// returned as is.
-	// server/registry string if either is there.  This will be mostly used
+func replaceURLByHostPort(repository string) (string, error) {
-	// for user input from 'Buildah login' and 'Buildah logout'.
+	if !strings.HasPrefix(repository, "https://") && !strings.HasPrefix(repository, "http://") {
-	server = trimScheme(server)
+		return repository, nil
-	// gets the registry from the input. If the input is of the form
+	}
-	// quay.io/myuser/myimage, it will parse it and just return quay.io
+	u, err := url.Parse(repository)
-	split := strings.Split(server, "/")
+	if err != nil {
-	return split[0]
+		return "", fmt.Errorf("trimming http{s} prefix: %v", err)
-}
+	}
-
+	return u.Host, nil
-// trimScheme removes the HTTP(s) scheme from the provided repository.
-func trimScheme(repository string) string {
-	// removes 'http://' or 'https://' from the front of the
-	// server/registry string if either is there.  This will be mostly used
-	// for user input from 'Buildah login' and 'Buildah logout'.
-	return strings.TrimPrefix(strings.TrimPrefix(repository, "https://"), "http://")
 }
 
 // getUserAndPass gets the username and password from STDIN if not given

vendor/github.com/containers/common/pkg/cgroups/cgroups_supported.go

@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package cgroups

vendor/github.com/containers/common/pkg/cgroups/cgroups_unsupported.go

@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package cgroups

vendor/github.com/containers/common/pkg/cgroupv2/cgroups_unsupported.go

@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package cgroupv2

vendor/github.com/containers/common/pkg/chown/chown_unix.go

@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package chown

vendor/github.com/containers/common/pkg/config/config.go

@@ -249,6 +249,10 @@ type EngineConfig struct {
 	// EventsLogFilePath is where the events log is stored.
 	EventsLogFilePath string `toml:"events_logfile_path,omitempty"`
 
+	// EventsLogFileMaxSize sets the maximum size for the events log. When the limit is exceeded,
+	// the logfile is rotated and the old one is deleted.
+	EventsLogFileMaxSize uint64 `toml:"events_logfile_max_size,omitempty"`
+
 	// EventsLogger determines where events should be logged.
 	EventsLogger string `toml:"events_logger,omitempty"`
 

vendor/github.com/containers/common/pkg/config/config_local.go

@@ -1,3 +1,4 @@
+//go:build !remote
 // +build !remote
 
 package config

vendor/github.com/containers/common/pkg/config/config_remote.go

@@ -1,3 +1,4 @@
+//go:build remote
 // +build remote
 
 package config

vendor/github.com/containers/common/pkg/config/config_unsupported.go

@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package config

vendor/github.com/containers/common/pkg/config/containers.conf

@@ -371,6 +371,12 @@ default_sysctls = [
 # Define where event logs will be stored, when events_logger is "file".
 #events_logfile_path=""
 
+# Sets the maximum size for events_logfile_path in bytes. When the limit is exceeded,
+# the logfile will be rotated and the old one will be deleted.
+# If the maximum size is set to 0, then no limit will be applied,
+# and the logfile will not be rotated.
+#events_logfile_max_size = 0
+
 # Selects which logging mechanism to use for container engine events.
 # Valid values are `journald`, `file` and `none`.
 #

vendor/github.com/containers/common/pkg/config/default.go

@@ -276,7 +276,7 @@ func defaultConfigFromMemory() (*EngineConfig, error) {
 		storeOpts.GraphRoot = _defaultGraphRoot
 	}
 	c.graphRoot = storeOpts.GraphRoot
-	c.ImageCopyTmpDir = "/var/tmp"
+	c.ImageCopyTmpDir = getDefaultTmpDir()
 	c.StaticDir = filepath.Join(storeOpts.GraphRoot, "libpod")
 	c.VolumePath = filepath.Join(storeOpts.GraphRoot, "volumes")
 

vendor/github.com/containers/common/pkg/config/default_linux.go

@@ -3,6 +3,7 @@ package config
 import (
 	"fmt"
 	"io/ioutil"
+	"os"
 	"strconv"
 	"strings"
 
@@ -48,3 +49,12 @@ func getDefaultProcessLimits() []string {
 	}
 	return defaultLimits
 }
+
+// getDefaultTmpDir for linux
+func getDefaultTmpDir() string {
+	// first check the TMPDIR env var
+	if path, found := os.LookupEnv("TMPDIR"); found {
+		return path
+	}
+	return "/var/tmp"
+}

vendor/github.com/containers/common/pkg/config/default_unsupported.go

@@ -1,7 +1,10 @@
+//go:build !linux && !windows
 // +build !linux,!windows
 
 package config
 
+import "os"
+
 // getDefaultMachineImage returns the default machine image stream
 // On Linux/Mac, this returns the FCOS stream
 func getDefaultMachineImage() string {
@@ -22,3 +25,12 @@ func isCgroup2UnifiedMode() (isUnified bool, isUnifiedErr error) {
 func getDefaultProcessLimits() []string {
 	return []string{}
 }
+
+// getDefaultTmpDir for linux
+func getDefaultTmpDir() string {
+	// first check the TMPDIR env var
+	if path, found := os.LookupEnv("TMPDIR"); found {
+		return path
+	}
+	return "/var/tmp"
+}

vendor/github.com/containers/common/pkg/config/default_windows.go

@@ -1,5 +1,7 @@
 package config
 
+import "os"
+
 // getDefaultImage returns the default machine image stream
 // On Windows this refers to the Fedora major release number
 func getDefaultMachineImage() string {
@@ -20,3 +22,13 @@ func isCgroup2UnifiedMode() (isUnified bool, isUnifiedErr error) {
 func getDefaultProcessLimits() []string {
 	return []string{}
 }
+
+// getDefaultTmpDir for windows
+func getDefaultTmpDir() string {
+	// first check the Temp env var
+	// https://answers.microsoft.com/en-us/windows/forum/all/where-is-the-temporary-folder/44a039a5-45ba-48dd-84db-fd700e54fd56
+	if val, ok := os.LookupEnv("TEMP"); ok {
+		return val
+	}
+	return os.Getenv("LOCALAPPDATA") + "\\Temp"
+}

vendor/github.com/containers/common/pkg/config/nosystemd.go

@@ -1,3 +1,4 @@
+//go:build !systemd || !cgo
 // +build !systemd !cgo
 
 package config

vendor/github.com/containers/common/pkg/config/systemd.go

@@ -1,3 +1,4 @@
+//go:build systemd && cgo
 // +build systemd,cgo
 
 package config

vendor/github.com/containers/common/pkg/parse/parse_unix.go

@@ -1,3 +1,4 @@
+//go:build linux || darwin
 // +build linux darwin
 
 package parse

vendor/github.com/containers/common/pkg/retry/retry_unsupported.go

@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package retry

vendor/github.com/containers/common/pkg/seccomp/default_linux.go

@@ -236,6 +236,7 @@ func DefaultProfile() *Seccomp {
 				"lstat64",
 				"madvise",
 				"mbind",
+				"membarrier",
 				"memfd_create",
 				"memfd_secret",
 				"mincore",
@@ -249,6 +250,7 @@ func DefaultProfile() *Seccomp {
 				"mmap",
 				"mmap2",
 				"mount",
+				"mount_setattr",
 				"move_mount",
 				"mprotect",
 				"mq_getsetattr",
@@ -293,6 +295,7 @@ func DefaultProfile() *Seccomp {
 				"preadv",
 				"preadv2",
 				"prlimit64",
+				"process_mrelease",
 				"pselect6",
 				"pselect6_time64",
 				"pwrite64",
@@ -388,10 +391,15 @@ func DefaultProfile() *Seccomp {
 				"shmdt",
 				"shmget",
 				"shutdown",
+				"sigaction",
 				"sigaltstack",
+				"signal",
 				"signalfd",
 				"signalfd4",
+				"sigpending",
+				"sigprocmask",
 				"sigreturn",
+				"sigsuspend",
 				"socketcall",
 				"socketpair",
 				"splice",
@@ -405,6 +413,7 @@ func DefaultProfile() *Seccomp {
 				"sync",
 				"sync_file_range",
 				"syncfs",
+				"syscall",
 				"sysinfo",
 				"syslog",
 				"tee",
@@ -417,6 +426,7 @@ func DefaultProfile() *Seccomp {
 				"timer_gettime64",
 				"timer_settime",
 				"timer_settime64",
+				"timerfd",
 				"timerfd_create",
 				"timerfd_gettime",
 				"timerfd_gettime64",

vendor/github.com/containers/common/pkg/seccomp/errno_list.go

@@ -1,3 +1,4 @@
+//go:build linux && seccomp
 // +build linux,seccomp
 
 package seccomp

vendor/github.com/containers/common/pkg/seccomp/filter.go

@@ -1,3 +1,4 @@
+//go:build seccomp
 // +build seccomp
 
 // NOTE: this package has originally been copied from

vendor/github.com/containers/common/pkg/seccomp/seccomp.json

@@ -243,6 +243,7 @@
 				"lstat64",
 				"madvise",
 				"mbind",
+				"membarrier",
 				"memfd_create",
 				"memfd_secret",
 				"mincore",
@@ -256,6 +257,7 @@
 				"mmap",
 				"mmap2",
 				"mount",
+				"mount_setattr",
 				"move_mount",
 				"mprotect",
 				"mq_getsetattr",
@@ -300,6 +302,7 @@
 				"preadv",
 				"preadv2",
 				"prlimit64",
+				"process_mrelease",
 				"pselect6",
 				"pselect6_time64",
 				"pwrite64",
@@ -395,10 +398,15 @@
 				"shmdt",
 				"shmget",
 				"shutdown",
+				"sigaction",
 				"sigaltstack",
+				"signal",
 				"signalfd",
 				"signalfd4",
+				"sigpending",
+				"sigprocmask",
 				"sigreturn",
+				"sigsuspend",
 				"socketcall",
 				"socketpair",
 				"splice",
@@ -412,6 +420,7 @@
 				"sync",
 				"sync_file_range",
 				"syncfs",
+				"syscall",
 				"sysinfo",
 				"syslog",
 				"tee",
@@ -424,6 +433,7 @@
 				"timer_gettime64",
 				"timer_settime",
 				"timer_settime64",
+				"timerfd",
 				"timerfd_create",
 				"timerfd_gettime",
 				"timerfd_gettime64",

vendor/github.com/containers/common/pkg/seccomp/seccomp_unsupported.go

@@ -1,3 +1,4 @@
+//go:build !linux || !seccomp
 // +build !linux !seccomp
 
 // SPDX-License-Identifier: Apache-2.0

vendor/github.com/containers/common/pkg/seccomp/supported.go

@@ -1,3 +1,4 @@
+//go:build linux && seccomp
 // +build linux,seccomp
 
 package seccomp

vendor/github.com/containers/common/pkg/seccomp/validate.go

@@ -1,3 +1,4 @@
+//go:build seccomp
 // +build seccomp
 
 package seccomp

vendor/github.com/containers/common/pkg/signal/signal_linux.go

@@ -1,5 +1,5 @@
-// +build linux
+//go:build linux && !mips && !mipsle && !mips64 && !mips64le
-// +build !mips,!mipsle,!mips64,!mips64le
+// +build linux,!mips,!mipsle,!mips64,!mips64le
 
 // Signal handling for Linux only.
 package signal

vendor/github.com/containers/common/pkg/signal/signal_linux_mipsx.go

@@ -1,3 +1,4 @@
+//go:build linux && (mips || mipsle || mips64 || mips64le)
 // +build linux
 // +build mips mipsle mips64 mips64le
 

vendor/github.com/containers/common/pkg/signal/signal_unsupported.go

@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 // Signal handling for Linux only.

vendor/github.com/containers/common/pkg/sysinfo/numcpu.go

@@ -1,3 +1,4 @@
+//go:build !linux && !windows
 // +build !linux,!windows
 
 package sysinfo

vendor/github.com/containers/common/pkg/sysinfo/numcpu_linux.go

@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package sysinfo

vendor/github.com/containers/common/pkg/sysinfo/numcpu_windows.go

@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 
 package sysinfo

vendor/github.com/containers/common/pkg/sysinfo/nummem_linux.go

@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package sysinfo

vendor/github.com/containers/common/pkg/sysinfo/nummem_unsupported.go

@@ -1,4 +1,5 @@
-// +build windows, osx
+//go:build (windows && ignore) || osx
+// +build windows,ignore osx
 
 package sysinfo
 

vendor/github.com/containers/common/pkg/sysinfo/sysinfo_solaris.go

@@ -1,3 +1,4 @@
+//go:build solaris && cgo
 // +build solaris,cgo
 
 package sysinfo

vendor/github.com/containers/common/pkg/sysinfo/sysinfo_unix.go

@@ -1,3 +1,4 @@
+//go:build !linux && !solaris && !windows
 // +build !linux,!solaris,!windows
 
 package sysinfo

vendor/github.com/containers/common/pkg/sysinfo/sysinfo_windows.go

@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 
 package sysinfo

vendor/github.com/containers/common/pkg/umask/umask_unix.go

@@ -1,3 +1,4 @@
+//go:build linux || darwin
 // +build linux darwin
 
 package umask

vendor/github.com/containers/common/pkg/umask/umask_unsupported.go

@@ -1,3 +1,4 @@
+//go:build !linux && !darwin
 // +build !linux,!darwin
 
 package umask

vendor/github.com/containers/common/pkg/util/util_supported.go

@@ -1,3 +1,4 @@
+//go:build linux || darwin
 // +build linux darwin
 
 package util
@@ -19,6 +20,12 @@ var (
 	rootlessRuntimeDir     string
 )
 
+// isWriteableOnlyByOwner checks that the specified permission mask allows write
+// access only to the owner.
+func isWriteableOnlyByOwner(perm os.FileMode) bool {
+	return (perm & 0722) == 0700
+}
+
 // GetRuntimeDir returns the runtime directory
 func GetRuntimeDir() (string, error) {
 	var rootlessRuntimeDirError error
@@ -43,7 +50,7 @@ func GetRuntimeDir() (string, error) {
 				logrus.Debugf("unable to make temp dir: %v", err)
 			}
 			st, err := os.Stat(tmpDir)
-			if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Geteuid() && st.Mode().Perm() == 0700 {
+			if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Geteuid() && isWriteableOnlyByOwner(st.Mode().Perm()) {
 				runtimeDir = tmpDir
 			}
 		}
@@ -53,7 +60,7 @@ func GetRuntimeDir() (string, error) {
 				logrus.Debugf("unable to make temp dir %v", err)
 			}
 			st, err := os.Stat(tmpDir)
-			if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Geteuid() && st.Mode().Perm() == 0700 {
+			if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Geteuid() && isWriteableOnlyByOwner(st.Mode().Perm()) {
 				runtimeDir = tmpDir
 			}
 		}

vendor/github.com/containers/common/pkg/util/util_windows.go

@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 
 package util

vendor/modules.txt

@@ -109,7 +109,7 @@ github.com/containers/buildah/pkg/rusage
 github.com/containers/buildah/pkg/sshagent
 github.com/containers/buildah/pkg/util
 github.com/containers/buildah/util
-# github.com/containers/common v0.47.5-0.20220228211119-9880eb424fde
+# github.com/containers/common v0.47.5-0.20220318125043-0ededd18a1f9
 ## explicit
 github.com/containers/common/libimage
 github.com/containers/common/libimage/manifests